Re: [tcpm] TCP Stealth - possible interest to the WG

Hagen Paul Pfeifer <hagen@jauu.net> Mon, 18 August 2014 14:00 UTC

To: "Scheffenegger, Richard" <rs@netapp.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/00TS_PYJgOijT1QYnrW7mrJ_BlM
Cc: "tcpinc@ietf.org" <tcpinc@ietf.org>, "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Joe Touch <touch@isi.edu>

Hi Richard, tcpm, tcpinc

The groundwork for the ID is likely the following master's thesis,
titled "Improved Kernel-Based Port-Knocking in Linux" [1].
Feeling a little bit unfortunate with this obfuscation technique but
highly appreciate efforts to prevent mass scanning. BTW: discussion on
this ID already started on perpass.

Cheers, Hagen

[1] https://gnunet.org/sites/default/files/ma_kirsch_2014.pdf


On 16 August 2014 01:51, Scheffenegger, Richard <rs@netapp.com> wrote:
> Hi,
>
> I just learned about an individual submission, which is probably of interest
> not only to the members of these two WGs;
>
> http://tools.ietf.org/html/draft-kirsch-ietf-tcp-stealth-00
>
>
> On a first, casual glance, I am wondering if the authors have realized all
> the implications of their suggestion;
>
> There seem to be at least two or three major issues that compromise either
> the working and stability of TCP, or work against the intended
> “stealthiness” of this modification (making it easy for an attacker to
> identify such sessions, provided he is able to actively interfere with
> segments in transit (i.e. cause certain segments to be dropped)).
>
> Nevertheless, it might be beneficial to discuss the generic idea in a wider
> forum, among brighter minds than me.
>
> Richard Scheffenegger